Social engineering can be applied in several ways. Not everything is always done over the internet, some cases involve the use of telephones and even observation on the spot. The most important thing to know is that these structured scams are usually applied by groups that know the company, its operations and even its employees. Some groups use seemingly harmless "mini-blasts" to get information to structure a broader attack.
The techniques used vary widely according to the group's creativity (which makes it even more difficult to list all types of scams), however, some have already become known to security experts. Are they:
Bait in English means bait, and baiting is the technique that consists of leaving a kind of attraction (such as a pendrives or a CD on the door of the house or sent to the office) for the person to open and access some malicious file format. When opening the file, the user can give the hacker access from the device.
The tactic involves little work for the criminal. The whole effort is focused on infecting a device and studying how best to make it accessible to the target. To make the job even easier, you need to think of a name for the file that makes it look safe, something like “2018 reports”.
It may seem fantastic or very difficult to happen, however, research by US military security experts has proved otherwise. CDs and pendrives were left in the parking lot of government buildings to analyze the behavior of employees. Over 60% of people opened the content. When the device contained the official workplace logo, that rate rose to 90%.
Although not new, phishing emails are still successful. The technique is to produce a fraudulent communication that appears to be issued by a trusted source, such as a bank, workplace or some other trusted institution.
Know more about the sonicwall vpn.
The attack can coerce the victim to install some malware on the device, share confidential information when filling out registrations or lead the user to click on an infected link.